Summary | ZeroBOX

xmrig_win32.exe

Tags: UPX, Malicious Library, Malicious Packer, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6401
Started Aug. 6, 2021, 3:59 p.m.
Completed Aug. 6, 2021, 4:01 p.m.
Size 6.2MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 6d28a08caf2d90f5d02a2bf8794c7de9
SHA256 bc88a661f0dff0ca800b52e58e78f989455dd257606a9793d6ee9304c3dc76d0
CRC32 9937AF96
ssdeep 98304:MZJzJNRDYMYYoYMYYYYYoYjiYiYiEJzdJzKOebyHNw3eLEdR9PZ55zsIHUQ+gZ1H:MsAL4RtHXoXkBnsPsa
Yara
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address Status
164.124.101.2 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

NtAllocateVirtualMemory
  process_identifier: 204
  region_size: 81920
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000000d70000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff
Status 1, Return 0, Repeated 0

The process_handle value 0xffffffffffffffff is the current-process pseudo-handle (-1), so the sample commits an 80 KB read-write-execute region inside its own process. That is the allocation pattern a UPX-style unpacking stub produces before it writes the decompressed image and jumps into it; on its own it is not proof of malice, since JIT engines and legitimate packers do the same.
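As an added example, not part of the ZeroBOX report or of the XMRig project, the script below turns the numeric arguments the sandbox logs for this call into the winnt.h flag names and applies the rule a triage analyst would use on such records: flag a committed region that is both writable and executable in the calling process. The record text is a constructed copy of the entry above; the flag tables hold the standard Windows constant values, and the "suspicious" rule is an assumption chosen for this illustration.

```python
import re
from typing import Dict, List

# winnt.h memory protection constants (exclusive page-type values; each is one bit).
PAGE_FLAGS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
    0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE",
}
# winnt.h allocation-type constants (a true bitmask).
MEM_FLAGS = {
    0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x80000: "MEM_RESET",
    0x100000: "MEM_TOP_DOWN", 0x400000: "MEM_PHYSICAL",
    0x20000000: "MEM_LARGE_PAGES",
}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}
WRITABLE = {0x04, 0x08, 0x40, 0x80}
CURRENT_PROCESS = 0xFFFFFFFFFFFFFFFF  # NtCurrentProcess() pseudo-handle, (HANDLE)-1

# Constructed copy of the sandbox entry shown on this page.
SAMPLE_RECORD = """NtAllocateVirtualMemory
process_identifier: 204
region_size: 81920
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000d70000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
"""

NUMBER = re.compile(r"-?(0x[0-9a-fA-F]+|\d+)")


def parse_record(text: str) -> Dict[str, object]:
    """Parse a 'key: value' sandbox record; the first line is the API name.

    Numeric values are converted with base auto-detection; the sandbox's own
    '(NAME)' annotation after a number is dropped so the decode below is independent.
    """
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    rec: Dict[str, object] = {"api": lines[0]}
    for line in lines[1:]:
        key, _, val = line.partition(":")
        val = val.strip().split(" ")[0]
        rec[key.strip()] = int(val, 0) if NUMBER.fullmatch(val) else val
    return rec


def decode_flags(value: int, table: Dict[int, str]) -> List[str]:
    """Expand a bitmask into the flag names it contains; unknown bits are kept as hex."""
    names = [name for bit, name in table.items() if value & bit]
    leftover = value & ~sum(table)
    if leftover:
        names.append(hex(leftover))
    return names


def assess_allocation(rec: Dict[str, object]) -> Dict[str, object]:
    """Decode an NtAllocateVirtualMemory record and apply the RWX-commit rule."""
    prot = int(rec["protection"])
    alloc = int(rec["allocation_type"])
    page_type = prot & 0xFF  # low byte carries the page-type value, high bits are modifiers
    finding = {
        "api": rec["api"],
        "protection": decode_flags(prot, PAGE_FLAGS),
        "allocation_type": decode_flags(alloc, MEM_FLAGS),
        "self_process": int(rec["process_handle"]) == CURRENT_PROCESS,
        "rwx": page_type in EXECUTABLE and page_type in WRITABLE,
        "committed": bool(alloc & 0x1000),
        "region_size": int(rec["region_size"]),
    }
    # Assumed triage rule: a committed RWX region is worth a closer look (unpacker
    # stubs, shellcode loaders), though JITs and benign packers trigger it as well.
    finding["suspicious"] = finding["rwx"] and finding["committed"]
    return finding


if __name__ == "__main__":
    for key, value in assess_allocation(parse_record(SAMPLE_RECORD)).items():
        print(f"{key}: {value}")
```

Run on the record from this report the script reports protection ['PAGE_EXECUTE_READWRITE'], allocation_type ['MEM_COMMIT', 'MEM_RESERVE'], self_process True and suspicious True; feeding it a PAGE_READWRITE commit of the same size yields suspicious False, which is the distinction the rule is meant to draw.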
Antivirus Result

Bkav W32.FamVT.SilrionA.Trojan
Lionic Trojan.Win32.Miner.4!c
Elastic malicious (high confidence)
DrWeb Tool.BtcMine.2110
MicroWorld-eScan Gen:Variant.Application.Miner.2
CAT-QuickHeal Trojan.Riskware
McAfee W64/CoinMiner
Cylance Unsafe
Zillya Tool.BitMiner.Win32.278
Sangfor Win.Coinminer.Generic-7151250-0
K7AntiVirus Riskware ( 005622c31 )
Alibaba RiskWare:Win64/Miners.1fec47c3
K7GW Riskware ( 005622c31 )
Cybereason malicious.caf2d9
Arcabit Trojan.Application.Miner.2
Cyren W64/Coinminer.BN.gen!Eldorado
Symantec Miner.Bitcoinminer
ESET-NOD32 a variant of Win64/CoinMiner.PO potentially unwanted
APEX Malicious
Paloalto generic.ml
ClamAV Win.Coinminer.Generic-7151250-0
Kaspersky HEUR:Trojan.Win32.Miner.vho
BitDefender Gen:Variant.Application.Miner.2
NANO-Antivirus Trojan.Win64.Miner.hpchda
Avast Win32:Miner-DM [Trj]
Ad-Aware Gen:Variant.Application.Miner.2
Emsisoft Gen:Variant.Application.Miner.2 (B)
Comodo Malware@#vj7xzemj0ff1
VIPRE Trojan.Win32.Generic!BT
TrendMicro Coinminer.Win64.MALXMR.SMFCD01
McAfee-GW-Edition BehavesLike.Win64.Dropper.vh
FireEye Generic.mg.6d28a08caf2d90f5
Sophos XMRig Miner (PUA)
SentinelOne Static AI - Malicious PE
Jiangmin RiskTool.BitMiner.caby
Avira HEUR/AGEN.1119227
MAX malware (ai score=100)
Antiy-AVL Trojan/Generic.ASMalwS.304FCBB
Gridinsoft Trojan.Win64.CoinMiner.vb
Microsoft PUA:Win64/CoinMiner
GData Win32.Application.CoinMiner.Y
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win64.XMR-Miner.R226842
Acronis suspicious
ALYac Misc.Riskware.BitCoinMiner
Malwarebytes RiskWare.BitCoinMiner
TrendMicro-HouseCall Coinminer.Win64.MALXMR.SMFCD01
Rising HackTool.XMRMiner!1.C2EC (CLASSIC)
Yandex Riskware.Agent!aioZI2aG3I4
Ikarus PUA.CoinMiner